LEGAL

COINBASE PRIVACY POLICY

This Privacy Policy describes how Coinbase UK, Ltd ("Coinbase") collects, uses, stores, shares, and protects your information whenever you use coinbase.com, gdax.com, a Coinbase mobile app, any Coinbase or GDAX API or third party applications relying on such an API (the "Coinbase Site") or any Coinbase Services. By using the Coinbase Site and Coinbase Services, you consent to the data practices prescribed in this statement. We may periodically post changes to this Privacy Policy on this page, and it is your responsibility to review this Privacy Policy frequently and we encourage you to visit this page often. When required by law, we will notify you of any changes to this Privacy Policy.

Last updated: May 27, 2016

HOW WE COLLECT INFORMATION ABOUT YOU

When you use Coinbase Services, we collect information sent to us through your computer, mobile phone, or other access device. This information may include your IP address, device information including, but not limited to, identifier, device name and type, operating system, location, mobile network information, and standard web log information, such as your browser type, traffic to and from our site, and the pages you accessed on our website. Coinbase does not intentionally collect information from or about any individual who is under 13 years old.

If you create an account or use Coinbase Services, we, or our affiliates vendors acting on our behalf may collect the following types of information:

Financial information - the full bank account and routing numbers and/or credit card numbers that you link to your Coinbase Account or input when you use paid Coinbase Services. If you do not use the Coinbase Conversion Service, you may opt out of providing this information.

If you seek permissions to raise Digital Currency buy and sell limits associated with your Coinbase Account, we may require you to provide additional information which we may use in collaboration with service providers acting on our behalf to verify your identity or address, and/or to manage risk. This information may include your date of birth, taxpayer or government identification number, a copy of your government-issued identification, or other personal information. We may also obtain information about you from third parties such as credit bureaus and identity verification services.

When you use Coinbase Services, we collect information about your transactions and/or your other activities on our website and we may continuously collect information about your computer, mobile device, or other access device for fraud prevention purposes, to monitor for possible breach of your Coinbase Account, and to identify any malicious software or other activity that may harm Coinbase or its users.

You may choose to provide us with access to certain personal information stored by third parties such as social media sites (such as Facebook and Twitter). The information we have access to varies by site and is controlled by your privacy settings on that site and your authorization. By associating an account managed by a third party with your Coinbase account and authorizing Coinbase to have access to this information, you agree that Coinbase may collect, store, and use this information in accordance with this Privacy Policy.

Finally, we may collect additional information you may disclose to our customer support team.

HOW WE USE COOKIES

When you access our website or content or use our application or Coinbase Services, we or companies we work with may place small data files called cookies or pixel tags on your computer or other device. We use these technologies to:

Recognize you as a Coinbase customer;

Customize Coinbase Services, content, and advertising;

Measure promotional effectiveness; and

Collect information about your computer or other access device to mitigate risk, help prevent fraud, and promote trust and safety.

We use both session and persistent cookies when you access our website or content. Session cookies expire and no longer have any effect when you log out of your account or close your browser. Persistent cookies remain on your browser until you erase them or they expire.

We also use Local Shared Objects, commonly referred to as "Flash cookies," to help ensure that your account security is not compromised, to spot irregularities in behavior to help prevent fraud, and to support our sites and services.

We encode our cookies so that only we can interpret the information stored in them. You are free to decline our cookies if your browser or browser add-on permits, but doing so may interfere with your use of Coinbase Services. The help section of most browsers or browser add-ons provides instructions on blocking, deleting, or disabling cookies.

You may encounter Coinbase cookies or pixel tags on websites that we do not control. For example, if you view a web page created by a third party or use an application developed by a third party, there may be a cookie or pixel tag placed by the web page or application. Likewise, these third parties may place cookies or pixel tags that are not subject to our control and the Coinbase Privacy Policy does not cover their use.

HOW WE PROTECT AND STORE PERSONAL INFORMATION

Throughout this policy, we use the term "personal information" to describe information that can be associated with a specific person and can be used to identify that person. This Privacy Policy does not apply to personal information that has been anonymized so that it does not and cannot be used to identify a specific user. Coinbase takes reasonable precautions, as described herein, to protect your personal information from loss, misuse, unauthorized access, disclosure, alteration, and destruction.

We store and process your personal and transactional information, including certain payment information, where Coinbase facilities or our service providers are located, including in the United States of America, and we protect it by maintaining physical, electronic, and procedural safeguards in compliance with applicable laws. We use computer safeguards such as firewalls and data encryption, we enforce physical access controls to our buildings and files, and we authorize access to personal information only for those employees who require it to fulfill their job responsibilities. Full credit card data is securely transferred and hosted off-site by a payment vendor in compliance with Payment Card Industry Data Security Standards (PCI DSS). This information is not accessible to Coinbase staff.

We store our customers' personal information securely throughout the life of the customer's Coinbase Account. Coinbase will retain your personal information for a minimum of five years or as necessary to comply with our legal obligations or to resolve disputes.

HOW WE USE THE PERSONAL INFORMATION WE COLLECT

Our primary purpose in collecting personal information is to provide you with a secure, smooth, efficient, and customized experience. We may use your personal information to:

We will not use your personal information for purposes other than those purposes we have disclosed to you, without your permission. From time to time we may request your permission to allow us to share your personal information with third parties. You may opt out of having your personal information shared with third parties, or from allowing us to use your personal information for any purpose that is incompatible with the purposes for which we originally collected it or subsequently obtained your authorization. If you choose to so limit the use of your personal information, certain features or Coinbase Services may not be available to you.

MARKETING

We will never sell or rent your personal information to third parties.

Any communications we send to you will either be related to your account or will be related to Coinbase services or products. In the event Coinbase sends any communication to you which is not related specifically to your account, Coinbase will provide you with an "unsubscribe" mechanism through which you may opt out of receiving other similar messages in the future.

HOW PERSONAL INFORMATION IS SHARED WITH OTHER COINBASE USERS

If you use your Coinbase Account to transfer Digital Currency in connection with the purchase or sale of goods or services, we or you may also provide the seller with your shipping address, name, and/or email to help complete your transaction with the seller. The seller is not allowed to use this information to market their services to you unless you have agreed to it. If an attempt to transfer Digital Currency to your seller fails or is later invalidated, we may also provide your seller with details of the unsuccessful transfer. To facilitate dispute resolutions, we may provide a buyer with the seller's address so that goods can be returned to the seller.

In connection with a Digital Currency transfer between you and a third party, including merchants, a third party may share information about you with us, such as your email address or mobile phone number which may be used to inform you that a transfer has been sent to or received from the third party. We may use this information in connection with such transfers to confirm that you are a Coinbase customer, that Digital Currency transfers are enabled, and/or to notify you that you have received Digital Currency. If you request that we validate your status as a Coinbase customer with a third party, we will do so. You may also choose to send Digital Currency to or request Digital Currency from an email address. In such cases, your user name will be displayed in an email message notifying the user of the designated email address of your action. Please note that merchants you interact with may have their own privacy policies, and Coinbase is not responsible for their operations, including, but not limited to, their information practices.

If you authorize one or more third-party applications to access your Coinbase account, then information you have provided to Coinbase may be shared with those third parties. Unless you provide further authorization, these third parties are not allowed to use this information for any purpose other than to facilitate your transactions using Coinbase services.

HOW WE SHARE PERSONAL INFORMATION WITH OTHER PARTIES

We may share your personal information with:

Third party identity verification services in order to prevent fraud. This allows Coinbase to confirm your identity by comparing the information you provide us to public records and other third party databases. These service providers may create derivative data based on your personal information that can be used solely in connection with provision of identity verification and fraud prevention services;

Service providers under contract who help with parts of our business operations such as bill collection, marketing, and technology services. Our contracts require these service providers to only use your information in connection with the services they perform for us, and prohibit them from selling your information to anyone else;

Financial institutions with which we partner;

Companies or other entities that we plan to merge with or be acquired by. Should such a combination occur, we will require that the new combined entity follow this Privacy Policy with respect to your personal information. You will receive prior notice of any change in applicable policy;

Companies or other entities that purchase Coinbase assets pursuant to a court-approved sale under U.S. Bankruptcy law;

Law enforcement, government officials, or other third parties when:

We are compelled to do so by a subpoena, court order, or similar legal procedure; or

We believe in good faith that the disclosure of personal information is necessary to prevent physical harm or financial loss, to report suspected illegal activity or to investigate violations of our User Agreement; and

Other third parties with your consent or direction to do so.

Before Coinbase shares your information with any third party that is not acting as an agent to perform tasks on behalf of and under the instructions of Coinbase, Coinbase will enter into a written agreement requiring that the third party to provide at least the same level of privacy protection as required hereunder.

If you establish a Coinbase account indirectly on a third party website or via a third party application, any information that you enter on that website or application (and not directly on a Coinbase website) will be shared with the owner of the third party website or application and your information may be subject to their privacy policies.

In general, we will notify you of material changes to this policy by updating the last updated date at the top of this page, and we will provide you with explicit notice of material changes as required by law. We recommend that you visit this page frequently to check for changes.

Specific consent by users in the European Economic Area

If you are located in, or a resident of, the European Economic Area ("EEA"), you specifically and voluntarily consent to the transfer of your personal information to our related entity and service providers in the USA, for the specific purposes of performing identity verification or checking, to enable us to prevent fraud and comply with our legal obligations.

The USA may not have protections in place for personal data as extensive as those within the EEA. However, we require our service providers, including Coinbase, Inc., to treat your personal information in strict confidence and use appropriate security measures to protect it. We also require them to uphold the standards of the European Union's Directive on Data Protection, and all of our other obligations under this Privacy Policy.

You may revoke your consent to this section at any time by emailing trust@coinbase.com with the subject line "Revoke EEA data consent".

Specific consent by users in Singapore

If you are located in, or a resident of, Singapore, you specifically and voluntarily consent to the transfer of your personal information to our related entity and service providers in the USA, for the specific purposes of performing identity verification or checking, to enable us to prevent fraud and comply with our legal obligations.

The USA may not have protections in place for personal data as extensive as those within Singapore. However, we require our service providers, including Coinbase, Inc., to treat your personal information in strict confidence and use appropriate security measures to protect it. We also require them to uphold all of our other obligations under this Privacy Policy.

You may revoke your consent to this section at any time by emailing trust@coinbase.com with the subject line "Revoke Singapore data consent".

HOW YOU CAN ACCESS OR CHANGE YOUR PERSONAL INFORMATION

You are entitled to review, correct, or amend your personal information, or to delete that information where it is inaccurate, and you may do so at any time by logging in to your account and clicking the Profile or My Account tab. This right shall only be limited where the burden or expense of providing access would be disproportionate to the risks to your privacy in the case in question, or where the rights of persons other than you would be violated. If you close your Coinbase account, we will mark your account in our database as "Closed," but will keep your account information in our database for a period of time described above. This is necessary in order to deter fraud, by ensuring that persons who try to commit fraud will not be able to avoid detection simply by closing their account and opening a new account. However, if you close your account, your personally identifiable information will not be used by us for any further purposes, nor sold or shared with third parties, except as necessary to prevent fraud and assist law enforcement, as required by law, or in accordance with this Privacy Policy.

HOW YOU CAN CONTACT US ABOUT PRIVACY QUESTIONS

If you have questions or concerns regarding this policy, or if you have a complaint, you should first contact us on our support page or by writing to us at Coinbase UK, Ltd, 13 Freeland Park, Wareham Road, Lytchett Matravers, Poole BH16 6FH,UNITED KINGDOM.